Set up Azure AD Terms of Use functionality within conditional access in Microsoft Intune

Set up Azure AD Terms of Use functionality within conditional access in Microsoft Intune

The Azure AD terms of use functionality have been recently upgraded. In this article we will have a look at configuring the Azure Azure AD terms of use functionality for Microsoft Intune while enrolling the devices.

Search for Conditional Access – Terms of Use – Click on terms of use – Select New Terms

Create a new terms of use. Here we have an option to upload our own company terms of use PDF. There is an option to choose the language format for the terms of use.

Following features can be enabled :

Require users to expand the terms of use – The end users will be required to view the terms of use prior to accepting.

Require users to consent of every device – The end users will be required to consent to the terms of use on every device.

Expire Consents – The terms of use will be enforced immediately and all users will be forced to re-consent on a schedule.

Duration before re-acceptance required (days) –The terms of use will be enforced immediately and each user will have to re-consent every specified number of days.

Once after completed this terms of use needs to be applied to conditional access as per the requirement.

We have 4 options at this moment:

Access to cloud apps for all guests- A conditional access policy will be created for all guests and all cloud apps. This policy impacts the Azure portal. Once this is created, you might be required to sign-out and sign-in.Access to cloud apps for all users- A conditional access policy will be created for all users and all cloud apps. This policy impacts the Azure portal. Once this is created, you will be required to sign-out and sign-in.Custom policy- Select the users, groups, and apps that this Terms of Use will be applied to.Create conditional access policy later- This terms of use will appear in the grant control list when creating a conditional access policy.

Its strongly recommended to go with custom policy or create conditional access policy later option, since the former 2 options will apply for all users accessing all cloud apps and we might have lot of segregation based on user departments, job roles and terms
of use might vary for every department.

After created we can see the terms of use created below in the terms of use section.

Further navigation we can see the number of people accepted and declined the terms of use, details and languages.

In the audit logs we can see the actions initiated and changed to the terms of use policy.

Enabling the Terms of use to conditional access intune:

Once after creating the terms of use and selecting the required conditional access template we can see that the new policy that we created will be visible in our CA policy. We can select this option and this will be enforced to all users to accept the terms
of policy.

Now we need to select this option to Microsoft Intune device enrollment.

After this is enabled we can run the what if and see if its working for the targeted user. In our case we can see the policy that we enforced is getting applied below.